cherrypy/lib/auth_sign.py
cherrypy/test/test_auth_sign.py
cherrypy/test/test_private.pem
cherrypy/_cptools.py
setup.py
tox.ini
cryptography==2.2.2
- Create a Python 3 virtualenv and install the wheel file from the lib/ folder
- Start the server by running the command:
    python server.py
- In this example there are 4 URLs: 2 are authenticated and 2 are public
- The four URLs are:
    - http://localhost:8081/ (public URL)
    - http://localhost:8081/health (public URL)
    - http://localhost:8081/app/ (auth URL)
    - http://localhost:8081/app/health (auth URL)
- To send requests to each of these URLs, we will use the client.py file
- client.py generates a signature and attaches it to the request as a header
- To send a request to a URL, run the following command:
    python client.py <URL>
- The response will be displayed in the console
- First generate an RSA private/public key pair
- The private key is used on the client side to sign the message
- The public key is used on the server side to verify the signature
- Add the following lines to your server config dict:
    'tools.auth_sign.on': True,
    'tools.auth_sign.realm': host,
    'tools.auth_sign.key_file': 'keys/public.pem',
- For client-side signature generation, refer to the client.py file
- The private key is loaded from its PEM file using the cryptography library
- The message is signed with the private key, producing a signature
- The signature is Base64 encoded and then converted to a string
- This string-form signature is attached to the request as a header
- On the server side, the signature and message header contents are extracted from the request
- The signature, the message and the path to the public key PEM file are passed to the _verify_signature method
- The public key is read from that path
- The signature is converted to bytes, then Base64 decoded
- The signature is then verified against the message using the public key
- On successful verification the method returns True, otherwise False
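The client-side signing steps and the server-side verification steps above, as an added example that is not the CherryPy tool's code or the page's client.py: a throwaway RSA key pair is generated in memory in place of the keys/ PEM files, PKCS#1 v1.5 padding with SHA-256 is assumed (the page does not state the padding or hash), and the X-Message / X-Signature header names are assumptions.

```python
import base64

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# Constructed key pair standing in for keys/private.pem and keys/public.pem.
_PRIVATE_KEY = rsa.generate_private_key(
    public_exponent=65537, key_size=2048, backend=default_backend())
PRIVATE_PEM = _PRIVATE_KEY.private_bytes(
    serialization.Encoding.PEM, serialization.PrivateFormat.PKCS8,
    serialization.NoEncryption())
PUBLIC_PEM = _PRIVATE_KEY.public_key().public_bytes(
    serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo)


def sign_message(private_pem, message):
    """Client side: sign the message bytes, return the Base64 signature as str."""
    key = serialization.load_pem_private_key(
        private_pem, password=None, backend=default_backend())
    # Padding and hash are assumptions; the page does not name them.
    signature = key.sign(message, padding.PKCS1v15(), hashes.SHA256())
    return base64.b64encode(signature).decode("ascii")


def build_headers(private_pem, message):
    """Headers the client attaches to the request (header names are assumed)."""
    return {"X-Message": message.decode("utf-8"),
            "X-Signature": sign_message(private_pem, message)}


def verify_signature(public_pem, signature_str, message):
    """Server side: True only if the Base64 signature string verifies for message.

    Stands in for _verify_signature; the key is given as PEM bytes rather than
    read from tools.auth_sign.key_file, and any malformed input yields False.
    """
    key = serialization.load_pem_public_key(public_pem, backend=default_backend())
    try:
        # Reverse the client's str -> Base64 -> bytes transformation; reject
        # anything that is not strict Base64 instead of raising into the handler.
        signature = base64.b64decode(signature_str.encode("ascii"), validate=True)
    except ValueError:  # binascii.Error and UnicodeEncodeError are ValueErrors
        return False
    try:
        key.verify(signature, message, padding.PKCS1v15(), hashes.SHA256())
    except InvalidSignature:
        return False
    return True
```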